Re: [users@httpd] SSL Client Authentication Problem

Wed, 29 Dec 2010 03:53:27 -0800

----- Original Message ----- From: "Joost de Heer" <jo...@sanguis.xs4all.nl> 
To: <users@httpd.apache.org>
Sent: Wednesday, December 29, 2010 7:33 AM
Subject: Re: [us...@httpd] SSL Client Authentication Problem



The browser is supposed to request which client
certificate the user wants to use, then I can select the one I created and 
signed with ca.crt, which I have set as a trusted CA in the browser.


Did you import the client certificate in the browser?

Joost

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Hi,
I have imported client certificate into the browsers, and it makes no difference. All browsers stop immediately with the error, though Safari does get as far as displaying the Client Cert Selection dialog, but then it too encounters the error.
Even if client cert is not installed the browser should still come up with a dialog, eg as described in this article :- 

http://www.symantec.com/connect/articles/apache-2-ssltls-step-step-part-3
I note some other people have encountered this same problem, eg with Apache on FreeBSD :- 

http://forums.freebsd.org/showthread.php?t=5816
I think would be useful to have this feature as it adds an additional level of security, in that the user must have this certificate, as well as possess login information such as username and password, to access the secure site.
I have searched Google high and low and cannot find any evidence there is a bug in Apache which is causing this. Its happening on all major browsers, and on two platforms ie XP and FreeBSD, so maybe it is a bug, or what could be wrong with the config or creation of the certs and keys? 

Regards,
Alan.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to